Our custom ordering system

""" static and login pages """
import deform
from pyramid.view import view_config
from pyramid.security import forget, remember
from pyramid.httpexceptions import HTTPFound
from .. import models, security, services
from ..repo import RepoItemNotFound
from ..events import FlashMessage, PasswordResetEmail
from ..schemas import account
@view_config(
    context="ordr3:resources.Root",
    name="login",
    permission="login",
    request_method="GET",
    renderer="ordr3:templates/account/login.jinja2",
)
def login(context, request):
    """Render the login form for a GET request.

    The template context carries ``error=False``; the POST view for the
    same route returns ``error=True`` after a failed attempt.
    """
    return dict(error=False)
# NOTE(review): require_csrf=False switches CSRF checking off for the login
# POST, which leaves the form open to login CSRF (a cross-site form post that
# signs the browser into a different account). Confirm this is intentional;
# enabling the check needs the login template to send the token.
@view_config(
    context="ordr3:resources.Root",
    name="login",
    permission="login",
    request_method="POST",
    require_csrf=False,
    renderer="ordr3:templates/account/login.jinja2",
)
def check_credentials(context, request):
    """Check the posted username/password and start a session on success.

    Missing form fields default to empty strings. On success the user is
    redirected to the "orders" resource with the headers from ``remember``.
    Every failing case seen by this view (no user returned by
    ``services.verify_credentials`` or an inactive account) re-renders the
    form with ``error=True``, so the response does not say which one it was.
    """
    posted = request.POST
    submitted_name = posted.get("username", "")
    submitted_secret = posted.get("password", "")
    hasher = security.get_passlib_context()
    # NOTE(review): no attempt limiting is visible in this view; confirm that
    # throttling or lockout is handled in services.verify_credentials or
    # in front of the application.
    account_row = services.verify_credentials(
        request.repo, hasher, submitted_name, submitted_secret
    )
    if account_row is None or not account_row.is_active:
        return {"error": True}
    auth_headers = remember(request, account_row.id)
    landing_url = request.resource_path(request.root, "orders")
    return HTTPFound(landing_url, headers=auth_headers)
# NOTE(review): there is no request_method predicate, so any HTTP method
# (including a cross-site GET) ends the session; confirm that is acceptable.
@view_config(
    context="ordr3:resources.Root", name="logout", permission="logout"
)
def logout(context, request):
    """Log the user out and redirect to the login page.

    The response carries the headers returned by ``forget(request)``.
    """
    login_url = request.resource_path(request.root, "login")
    return HTTPFound(login_url, headers=forget(request))
@view_config(
    context="ordr3:resources.Root",
    name="registration",
    permission="registration",
    request_method="GET",
    renderer="ordr3:templates/account/registration.jinja2",
)
def registration(context, request):
    """Render an empty registration form built from ``RegistrationSchema``."""
    return {"form": account.RegistrationSchema.as_form(request)}
@view_config(
    context="ordr3:resources.Root",
    name="registration",
    permission="registration",
    request_method="POST",
    renderer="ordr3:templates/account/registration.jinja2",
)
def register_new_user(context, request):
    """Validate the registration form and store the new account.

    A POST without the "Create_Account" button redirects to the root
    resource. Validation errors re-render the form. On success the user is
    added to the repository and the browser is sent to "registered".
    """
    posted = request.POST
    if "Create_Account" not in posted:
        return HTTPFound(request.resource_path(request.root))

    form = account.RegistrationSchema.as_form(request)
    try:
        validated = form.validate(posted.items())
    except deform.ValidationFailure:
        return {"form": form}

    # Each field is copied individually from the validated data; the role is
    # fixed to NEW here and never taken from the request.
    candidate = models.User(
        id=None,
        password=None,
        username=validated["user_name"],
        first_name=validated["first_name"],
        last_name=validated["last_name"],
        email=validated["email"],
        role=models.UserRole.NEW,
    )
    # The password starts as None and is set through the service call
    # (presumably hashed there; confirm in services.set_new_password).
    services.set_new_password(candidate, validated["password"], request)
    request.repo.add_user(candidate)
    return HTTPFound(request.resource_path(request.root, "registered"))
@view_config(
    context="ordr3:resources.Root",
    name="registered",
    permission="view",
    renderer="ordr3:templates/account/registration_complete.jinja2",
)
def registration_complete(context, request):
    """Render the registration-complete page; the template gets no data."""
    return dict()
@view_config(
    context="ordr3:resources.Root",
    name="breached",
    permission="view",
    renderer="ordr3:templates/account/breached_password.jinja2",
)
def breached_password(context, request):
    """Render the breached-password page; the template gets no data."""
    return dict()
@view_config(
    context="ordr3:resources.Root",
    name="forgot",
    permission="registration",
    request_method="GET",
    renderer="ordr3:templates/account/forgotten_password.jinja2",
)
def forgotten_password(context, request):
    """Render the form asking for a username or e-mail address."""
    return {"form": account.ForgottenPasswordSchema.as_form(request)}
@view_config(
    context="ordr3:resources.Root",
    name="forgot",
    permission="registration",
    request_method="POST",
    renderer="ordr3:templates/account/forgotten_password.jinja2",
)
def send_reset_link(context, request):
    """Create a reset token for a matching active user and mail it.

    The posted value is tried as a username first and as an e-mail address
    second. The redirect to "sent" is the same whether or not an active
    account matched, so the response itself does not reveal whether the
    identifier exists.
    """
    if "Send_Reset_Link" not in request.POST:
        return HTTPFound(request.resource_path(request.root))

    # None when the field is missing; it is passed to the lookups unchanged.
    identifier = request.POST.get("email_or_username")
    try:
        matched = request.repo.get_user_by_username(identifier)
    except RepoItemNotFound:
        try:
            matched = request.repo.get_user_by_email(identifier)
        except RepoItemNotFound:
            matched = None

    # NOTE(review): no throttling is visible here; confirm that repeated
    # requests cannot be used to flood a user's mailbox.
    if matched is not None and matched.is_active:
        reset_token = services.create_token_for_user(request.repo, matched)
        request.emit(PasswordResetEmail(matched, reset_token.token))

    return HTTPFound(request.resource_path(request.root, "sent"))
@view_config(
    context="ordr3:resources.Root",
    name="sent",
    permission="view",
    renderer="ordr3:templates/account/reset_link_sent.jinja2",
)
def reset_link_sent(context, request):
    """Render the reset-link-sent page; the template gets no data."""
    return dict()
@view_config(
    context="ordr3:resources.Root",
    name="reset",
    permission="view",
    request_method="GET",
    renderer="ordr3:templates/account/reset_password_form.jinja2",
)
def reset_password_form(context, request):
    """Render the new-password form for a valid reset token.

    The token is read from the ``t`` query parameter (None when absent).
    When ``services.get_user_from_reset_token`` returns no user, the browser
    is redirected to the root resource instead.
    """
    # NOTE(review): a token in the query string can end up in server logs,
    # browser history and Referer headers; confirm tokens are short-lived and
    # that this page does not leak its URL to other origins.
    reset_token = request.GET.get("t")
    owner = services.get_user_from_reset_token(request.repo, reset_token)
    if owner is None:
        return HTTPFound(request.resource_path(request.root))
    return {"form": account.ResetPasswordSchema.as_form(request, reset_token)}
@view_config(
    context="ordr3:resources.Root",
    name="reset",
    permission="view",
    request_method="POST",
    renderer="ordr3:templates/account/reset_password_form.jinja2",
)
def reset_password(context, request):
    """Set a new password for the user identified by the reset token.

    A POST without the "Reset_Password" button, or with a token that maps
    to no user, redirects to the root resource. Validation errors re-render
    the form and leave the token in place. On success the password is set,
    the used token is deleted and the browser is sent to "reseted".
    """
    posted = request.POST
    if "Reset_Password" not in posted:
        return HTTPFound(request.resource_path(request.root))

    # The token comes from the query string even though this is a POST, and
    # it is checked again here before anything is changed.
    reset_token = request.GET.get("t")
    owner = services.get_user_from_reset_token(request.repo, reset_token)
    if owner is None:
        return HTTPFound(request.resource_path(request.root))

    form = account.ResetPasswordSchema.as_form(request, reset_token)
    try:
        validated = form.validate(posted.items())
    except deform.ValidationFailure:
        return {"form": form}

    services.set_new_password(owner, validated["new_password"], request)
    # NOTE(review): only the token that was used is deleted explicitly;
    # whether other outstanding tokens of the same user are revoked depends
    # on clear_stale_reset_tokens - confirm.
    used_token = request.repo.get_reset_token(reset_token)
    request.repo.delete_reset_token(used_token)
    request.repo.clear_stale_reset_tokens()
    return HTTPFound(request.resource_path(request.root, "reseted"))
@view_config(
    context="ordr3:resources.Root",
    name="reseted",
    permission="view",
    renderer="ordr3:templates/account/password_reseted.jinja2",
)
def password_reseted(context, request):
    """Render the password-changed page; the template gets no data."""
    return dict()
@view_config(
    context="ordr3:resources.Root",
    name="myaccount",
    permission="account",
    request_method="GET",
    renderer="ordr3:templates/account/myaccount.jinja2",
)
def myaccount(context, request):
    """Render the account form pre-filled from ``request.user``."""
    form = account.MyAccountSchema.as_form(request)
    form.set_appstruct(
        {
            "user_name": request.user.username,
            "first_name": request.user.first_name,
            "last_name": request.user.last_name,
            "email": request.user.email,
        }
    )
    return {"form": form}
@view_config(
    context="ordr3:resources.Root",
    name="myaccount",
    permission="account",
    request_method="POST",
    renderer="ordr3:templates/account/myaccount.jinja2",
)
def edit_myaccount(context, request):
    """Apply validated name and e-mail changes to the logged-in user.

    A POST without the "Save_Changes" button redirects to the root
    resource. Validation errors re-render the form. Only ``first_name``,
    ``last_name`` and ``email`` are written; the username is not changed.
    """
    posted = request.POST
    if "Save_Changes" not in posted:
        return HTTPFound(request.resource_path(request.root))

    form = account.MyAccountSchema.as_form(request)
    try:
        validated = form.validate(posted.items())
    except deform.ValidationFailure:
        return {"form": form}

    # NOTE(review): the e-mail address changes without a current-password
    # check or a confirmation step in this view, and reset links in this
    # module are mailed to the user (PasswordResetEmail); confirm the schema
    # or another layer covers this.
    for field in ("first_name", "last_name", "email"):
        setattr(request.user, field, validated[field])
    return HTTPFound(request.resource_path(request.root))
# NOTE(review): there is no request_method predicate, so a plain GET creates
# a reset token and sends mail. CSRF checks that apply only to unsafe
# methods do not cover GET; consider restricting this view to POST.
@view_config(
    context="ordr3:resources.Root", name="mypassword", permission="account"
)
def myaccount_reset_link(context, request):
    """Mail a password reset link to the logged-in user.

    A token is created for ``request.user``, a ``PasswordResetEmail`` event
    and an informational flash message are emitted, and the browser is
    redirected to the root resource.
    """
    reset_token = services.create_token_for_user(request.repo, request.user)
    request.emit(PasswordResetEmail(request.user, reset_token.token))
    notice = FlashMessage.info(
        f"A password reset link has been sent to {request.user.email}."
    )
    request.emit(notice)
    return HTTPFound(request.resource_path(request.root))